[Bug 1039420] Re: NTP security vulnerability because not using authentication by default
Sami Farin
hvtaifwkbgefbaei at gmail.com
Sun Mar 1 00:04:26 UTC 2015
Authenticated Network Time Synchronization
Benjamin Dowling and Douglas Stebila and Greg Zaverucha
https://eprint.iacr.org/2015/171
http://research.microsoft.com/apps/pubs/?id=240885
Some silly MUSTs, like RSA >= 2048 bits..
And instead of e.g. AES-CBC+HMAC-SHA why not NORX or something simple
https://norx.io/
or chacha20-poly1305.. and of course
git://github.com/agl/curve25519-donna.git
...well Microsoft can use 4096 bit RSA for all I care, but does someone want to start a "Simple ANTP" project?
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to ntp in Ubuntu.
https://bugs.launchpad.net/bugs/1039420
Title:
NTP security vulnerability because not using authentication by default
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1039420/+subscriptions
More information about the Ubuntu-server-bugs
mailing list